Mozilla is promoting a browser-based alternative to usernames and passwords for website logins.
Browser ID offers a decentralized system for user identification and authentication along the same lines as OpenID. To use BrowserID users first have to create an account with Mozilla. After this users would be able to use the …

COMMENTS

Don't change a winning formula

I kinda stopped paying attention after "you only need to register".

Why would you want your data to be kept online somewhere when you could just as easy have it all tucked away on your local PC ?

And before anyone brings up "ease of use"; why don't they simply implement an option which allows us to import and export saved passwords? That way you can easily copy them from your main computer onto your laptop so that you can still easily visit the websites you frequent without having to worry about passwords.

Because

Some people have more than one device. I use the Firefox's sync feature because it's an easy way to put a bookmark or new password on one pc and automatically see it appear on another pc. The data is encrypted so all Mozilla know is person X has stored some blob of stuff on their server with some datestamp to facilitate synchronizing.

It's much easier than manually exporting bookmarks to some shared location and reimporting them which you could also do if you wanted. There is no UI for doing the same with passwords but you could copy the file from one machine to the other in a similar way. It wouldn't be as easy as sync is though.

it isn't

BrowserID isn't very similar to Passport in design, and does not have a central point of failure. The article's description of it is very inaccurate. See http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in .

No password, but an email address?

No

The certificate which identifies the e-mail address is held by the browser and supplied to the Browser ID site when you log in, the Browser ID site verifies the e-mail address and certificate and tells the website that you logged in okay (or not).

no

Not really seeing the point

Unless you use the same browser at home, at work, on your mobile phone etc. it'll be useless. If you want central password storage things like lastpass work well. There's facebook and twitter authentication, which this is basically competing directly with.

The motivation for accepting a system that's tied to a single browser is what exactly?

Obligatory xkcd standards post

or...

why not use public/private keys just like SSH, PuTTY and Pageant. It's trivial (and secure) to give a website your public key, and trivial for the browser (or a plugin running therein) to delegate to Pageant in the same way PuTTY does.

spam, spam, spam, spam, luv'ly spaaaaam, wonderful spaaaaaam

"To use BrowserID users first have to create an account with Mozilla. After this users would be able to use the technology to enter websites that support BrowserID simply by entering their email address."

Create an account with... Mozilla? Then, I enter a Web site by giving it my... email address?

you don't

You don't 'keep all of your passwords with a third party intermediary'. That isn't how BrowserID works at all. See http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in .

Why not support for a dongle?

Why can't we just support a hardware dongle, which would store all my keys, access info, etc., and allow the browser a means to access the dongle to retrieve a session key given the site. That way, *I* control my keys - not Mozilla, not Microsoft, not No Such Agency, not the MAFIAA - ME.

Mozilla -

Terrible report

I can understand the negative comments, because the article describes BrowserID completely and utterly incorrectly.

The neat point of BrowserID is that it *isn't* centralized and does *not* require a sign up with Mozilla. Mozilla is operating the initial verification service because, well, someone has to. But anyone can run one. The system was designed on the idea that email providers will act as verifiers for the addresses they provide.

BrowserID is a pretty elegant design and somewhat different from OpenID, but this article does a piss-poor job of understanding and explaining it. I recommend referring to:

and the rest of that blog (it's interesting stuff) instead. BrowserID may not succeed, but it's at least an interesting and well-motivated attempt to address a genuine issue. It's not just another silly vendor trying to make a play at the single-sign-in market.